CN105528231B - A kind of software dynamic update method and system based on intermediate auxiliary function - Google Patents
A kind of software dynamic update method and system based on intermediate auxiliary function Download PDFInfo
- Publication number
- CN105528231B CN105528231B CN201610039757.0A CN201610039757A CN105528231B CN 105528231 B CN105528231 B CN 105528231B CN 201610039757 A CN201610039757 A CN 201610039757A CN 105528231 B CN105528231 B CN 105528231B
- Authority
- CN
- China
- Prior art keywords
- function
- updated
- updating
- new version
- program
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 100
- 230000003068 static effect Effects 0.000 claims abstract description 48
- 230000008569 process Effects 0.000 claims abstract description 46
- 230000002159 abnormal effect Effects 0.000 claims abstract description 7
- 230000010354 integration Effects 0.000 claims abstract description 4
- 230000006870 function Effects 0.000 claims description 371
- 230000009191 jumping Effects 0.000 claims description 31
- 238000013507 mapping Methods 0.000 claims description 26
- 238000006243 chemical reaction Methods 0.000 claims description 10
- 238000012544 monitoring process Methods 0.000 claims description 9
- 238000005096 rolling process Methods 0.000 claims description 4
- 238000002347 injection Methods 0.000 claims description 3
- 239000007924 injection Substances 0.000 claims description 3
- 230000004048 modification Effects 0.000 claims description 3
- 238000012986 modification Methods 0.000 claims description 3
- 238000011084 recovery Methods 0.000 claims description 3
- 239000000725 suspension Substances 0.000 claims description 3
- 230000007246 mechanism Effects 0.000 abstract description 3
- 238000003780 insertion Methods 0.000 abstract 1
- 230000037431 insertion Effects 0.000 abstract 1
- 238000010586 diagram Methods 0.000 description 3
- 230000007547 defect Effects 0.000 description 2
- 230000006872 improvement Effects 0.000 description 2
- 239000000243 solution Substances 0.000 description 2
- 230000005856 abnormality Effects 0.000 description 1
- 230000003044 adaptive effect Effects 0.000 description 1
- 238000013459 approach Methods 0.000 description 1
- 230000006399 behavior Effects 0.000 description 1
- 230000000903 blocking effect Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000007429 general method Methods 0.000 description 1
- 230000002035 prolonged effect Effects 0.000 description 1
- 230000008439 repair process Effects 0.000 description 1
- 238000011160 research Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/60—Software deployment
- G06F8/65—Updates
- G06F8/656—Updates while running
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Stored Programmes (AREA)
Abstract
The invention discloses a kind of software dynamic update methods based on intermediate auxiliary function to generate intermediate auxiliary function by the function to be updated in the new/old edition code source file after analytical integration;Using intermediate auxiliary function and binary rewrite mechanism, respectively in function call stack function to be updated, be not in the function to be updated of function call stack and static variable to be updated is updated.Correspondingly, the invention also provides corresponding systems.The present invention efficiently solves the multiple checkpoint bring system losses of insertion and Deadlock, while ensuring to update upgrading safety, dynamic real-time update can be carried out to program, significantly reduce the Operating Complexity and overhead of user, simultaneously, rollback can be completed when updating and occurring any abnormal, guarantee the reliability of renewal process.The present invention is applicable to the application service of highly reliable continuous drive, can reduce because version updating leads to loss caused by system reboot.
Description
Technical Field
The invention belongs to the safety field in the research of cloud software reliability, and particularly relates to a software dynamic upgrading method and system based on an intermediate auxiliary function.
Background
In the using process of the software, the updating is continuously required to repair bugs and add functions, however, the traditional software updating requires that the software is firstly closed, and the software is restarted after the updating is finished. Thus, on the one hand, the software service may be down for a period of time, and on the other hand, the software service may lose the state before updating. This clearly reduces the availability of the service for software services that require 7/24 hours. But clearly reduces the security and service reliability of the software if no updates are employed. Aiming at the problem, the software dynamic upgrading method can complete the updating and upgrading work of the program under the condition that the program does not stop the service, and can ensure that the service state is not lost before and after the software is updated, thereby improving the availability and the reliability of the system.
In the existing dynamic software upgrading method, there are two general methods for updating the function in call, one is to wait for the function to be updated to return and then update. The other method is to complete the updating based on the safe updating point and the stack reconstruction method, namely when waiting for the thread to execute to a certain safe updating point in the function, the stack reconstruction work is carried out on the function stack of the thread, so that the function stack of the old version function is converted into the function stack of the new version function, and meanwhile, the thread jumps to the position of the new version function corresponding to the safe updating point to carry out the updating work.
However, both of the above methods have certain disadvantages and limitations. (1) The method for updating after waiting for the function to be updated to return cannot update some functions which cannot be returned, such as a main loop function, a scheduling function and the like, the functions are always in a function stack, and if the functions cannot be updated all the time, potential safety hazards also exist; (2) while checkpointing and stack reconstruction based methods can update functions at function call time, in a multi-threaded program it is difficult to get all threads to a safe update point. Some current approaches have been to make all threads of a program accessible to security checkpoints via a compiler. However, this method can only be applied to programs compiled by a specific compiler, and cannot perform upgrade and update work on general programs compiled by a general compiler. Other methods employ blocking threads so that all threads reach a checkpoint and then update, but this method may cause deadlock problems, and although the update may be forced at the deadlock, the thread blocked by the deadlock may be in an unsafe update location, where the forced update may affect the security and correctness of the program. While the method of stack reconstruction tends to have little change for some updates. The safe update point of some dynamic update methods can only be applied to a single-thread program, and a multi-thread program cannot reach the safe update point at the same time, so that the multi-thread program cannot be dynamically updated.
Updating a function that is deep in the calling level (for example, in a recursive function) by stack reconstruction is high in overhead, and a function stack may only have a few functions at the upper layer to be changed and need to be updated. Each thread in the multi-thread program has an independent stack, and if a stack reconstruction method is adopted, the updating time is prolonged, and more seriously, the program is suspended for a long time in the updating process.
In summary, the existing scheme of the dynamic software upgrading system has the following disadvantages:
some dynamic software upgrading methods (polls) can only update functions which are not in a function call stack, and cannot update the executing functions in real time, and if some functions which cannot be returned in a short time, such as a main loop function and a scheduling function, cannot be updated to the next version. Some dynamic upgrade methods (upstares) require specific compiler support, and therefore cannot dynamically update programs compiled using a general-purpose compiler. Some dynamic software upgrading methods (Kitsune) use a process as an updating unit, and in the updating process, all code data of a new version needs to be stored, so that the extra overhead is large, and the actual updating process is usually only changed a little. The safe update point of some dynamic update methods can only be applied to a single-thread program, and a multi-thread program cannot reach the safe update point at the same time, so that the multi-thread program cannot be dynamically updated.
Disclosure of Invention
Aiming at the defects or improvement requirements of the prior art, the invention provides a software dynamic upgrading method and system based on an intermediate auxiliary function, aiming at solving the limitations and the defects in the existing method for dynamically upgrading the deployed multithreading application program and ensuring the safety, the real-time performance and the effectiveness of the dynamic updating of the multithreading application program.
To achieve the above object, according to one aspect of the present invention, a method for dynamically upgrading software based on an intermediate auxiliary function is provided, where the method includes:
(1) acquiring and integrating an old version code source file and a new version code source file to obtain an integrated old version code source file and a new version code source file;
(2) generating a primary dynamic upgrade patch by comparing the integrated old version code source file and the new version code source file;
(3) static analysis is carried out to compare the functions to be updated in the integrated old version code source file and the new version code source file, the semantics of the functions to be updated are analyzed to generate a function semantic mapping table, and meanwhile, an intermediate auxiliary function is generated according to the functions to be updated;
(4) injecting the primary dynamic upgrade patch generated in the step (2) into the running program to be updated according to the initialization request of a user;
(5) after the dynamic upgrade patch is injected, obtaining a function to be updated and a static variable address to be updated corresponding to the program to be updated according to the function symbol name to be updated and the static variable symbol name to be updated;
(6) according to an updating request sent by a user, suspending all processes related to updating, and updating the static variable to be updated according to the acquired address of the static variable to be updated; meanwhile, checking whether the function to be updated is positioned in the function call stack, if so, updating the function to be updated positioned in the function call stack by using the middle auxiliary function; otherwise, directly updating the function to be updated which is not in the function call stack;
(7) the process suspended by the update is resumed and the update process ends.
More preferably, the step (3) specifically includes:
(3-1) analyzing the semantics of the function to be updated, acquiring and recording a safety updating instruction set of the function to be updated, and generating a function semantic mapping table;
(3-2) taking the parameter of the function to be updated as the parameter of the intermediate auxiliary function, and constructing and generating the intermediate auxiliary function, wherein the intermediate auxiliary function comprises control content, new version content of the function to be updated and old version content of the function to be updated; wherein,
the control content is used for converting the local variables and parameters of the old version of the function to be updated into the local variables and parameters of the new version, and is also used for judging whether the thread is in the safe updating instruction set according to the thread execution address in operation, if so, jumping to the content of the new version of the function to be updated, and returning after executing the content of the new version of the function to be updated; otherwise, jumping to the old version content of the function to be updated, and jumping to the new version content of the function to be updated when any instruction in the safe updating instruction set is executed;
and (3-3) modifying the old version content of the function to be updated of the intermediate auxiliary function, so that the old version content of the function to be updated of the intermediate auxiliary function accesses the new version data by using the conversion function.
Preferably, if all execution paths before any instruction in a section of instructions can guarantee that the semantics of the old version and the new version are consistent, the section of instructions is a safe update instruction set.
More preferably, the step (6) specifically includes:
(6-1) suspending all processes related to updating according to an updating request sent by a user, and converting all static variables to be updated in the old version into static variables in the new version;
(6-2) checking whether a function to be updated is located in a function call stack, if so, modifying the next binary instruction after the current execution position of the thread according to the function semantic mapping table in the step (3), stacking the current execution position of the thread, then jumping to the step (3) to generate an entry address of an intermediate auxiliary function, and updating by using the intermediate auxiliary function; otherwise, for the function to be updated which is not in the function call stack, the method for modifying the function entry address is used for updating.
As a further preferred, the method further comprises:
(1) saving a check point of a program to be updated before updating the program;
(2) and in the updating process, monitoring the state of the program to be updated in real time through the monitoring program, and if the program to be updated is abnormal, rolling back by using the check point to restore the state to the state before updating.
According to another aspect of the present invention, there is provided a system for dynamically upgrading software based on an intermediate auxiliary function, the system comprising:
the integration module is used for acquiring and integrating the old version code source file and the new version code source file to obtain an integrated old version code source file and a new version code source file;
the patch generating module is used for generating a primary dynamic upgrade patch by comparing the integrated old version code source file and the new version code source file;
the analysis module is used for statically analyzing and comparing the functions to be updated in the integrated old version code source file and the new version code source file, analyzing the semantics of the functions to be updated, generating a function semantic mapping table, and meanwhile, generating an intermediate auxiliary function according to the functions to be updated;
the injection module is used for injecting the generated primary dynamic upgrade patch into the running program to be updated according to the initialization request of the user;
the acquisition module is used for acquiring a function to be updated and a static variable address to be updated corresponding to the program to be updated according to the symbol name of the function to be updated and the symbol name of the static variable to be updated after the dynamic upgrade patch is injected;
the updating module is used for suspending all processes related to updating according to an updating request sent by a user and updating the static variable to be updated according to the acquired address of the static variable to be updated; meanwhile, checking whether the function to be updated is positioned in the function call stack, if so, updating the function to be updated positioned in the function call stack by using the middle auxiliary function; otherwise, directly updating the function to be updated which is not in the function call stack;
and the recovery module is used for recovering the suspended process caused by the updating, and the updating process is finished.
As a further preferred aspect, the analysis module specifically includes:
the first analysis and generation unit is used for analyzing the semantics of the function to be updated, acquiring and recording a safety updating instruction set of the function to be updated and generating a function semantic mapping table;
the second analysis and generation unit is used for taking the parameter of the function to be updated as the parameter of the intermediate auxiliary function, and constructing and generating the intermediate auxiliary function, wherein the intermediate auxiliary function comprises control content, new version content of the function to be updated and old version content of the function to be updated; wherein,
the control content is used for converting the local variables and parameters of the old version of the function to be updated into the local variables and parameters of the new version, and is also used for judging whether the thread is in the safe updating instruction set according to the thread execution address in operation, if so, jumping to the content of the new version of the function to be updated, and returning after executing the content of the new version of the function to be updated; otherwise, jumping to the old version content of the function to be updated, and jumping to the new version content of the function to be updated when any instruction in the safe updating instruction set is executed;
and the modifying unit is used for modifying the old version content of the function to be updated of the intermediate auxiliary function so as to access the new version data by using the conversion function.
Preferably, if all execution paths before any instruction in a section of instructions can guarantee that the semantics of the old version and the new version are consistent, the section of instructions is a safe update instruction set.
Preferably, the update module specifically includes:
the suspension unit is used for suspending all processes related to the update according to the update request sent by the user;
the static variable updating unit is used for converting all the static variables to be updated of the old version into the static variables of the new version;
the function updating unit is used for checking whether a function to be updated is positioned in a function call stack, if so, modifying the next binary instruction after the current execution position of the thread according to the function semantic mapping table, stacking the current execution position of the thread, then jumping to an entry address for generating an intermediate auxiliary function, and updating by using the intermediate auxiliary function; otherwise, for the function to be updated which is not in the function call stack, the method for modifying the function entry address is used for updating.
As a further preferred, the system further comprises:
the storage module is used for storing a check point of the program to be updated before the program is updated;
the monitoring module is used for monitoring the state of the program to be updated in real time through the monitoring program in the updating process;
and the rollback module is used for performing rollback by using the check point stored in the storage module when the program to be updated is abnormal, and restoring the program to be updated to the state before updating.
In general, compared with the prior art, the above technical solution according to the present invention mainly has the following technical advantages:
(1) and (4) universality. According to the method, the program to be updated does not need to be specially changed in advance, the running program is modified through the tracking tool, only part of binary jumps in the original program need to be modified, the help of a specific compiler is not needed, and the universality of the software dynamic upgrading method is improved;
(2) and (4) real-time performance. The method can directly update the program at any position at any time without waiting for the program to run to a safe update point, thereby effectively avoiding the situation that the function in calling cannot be updated, and meanwhile, when the multithread program is updated, the method does not need to wait for all threads to reach the safe update point and then update;
(3) multi-threaded security. According to the invention, the multithreading program can complete dynamic updating at the same time through the intermediate auxiliary function and the conversion function, the multithreading updating safety is ensured, the data consistency of the multithreading updating is also ensured, the unsafe updating problem caused by deadlock after a safety updating point is used is further avoided, and the inconsistent problem of new and old version data is also avoided;
(4) user operability. The important work of the method is completed before updating, and the work during updating is completed by the monitoring program without the assistance of a user. The traditional dynamic updating method that the user judges the updating time or sets the updating condition needs the user to master a large amount of knowledge related to dynamic updating, so the method of the invention can complete the dynamic updating of the software without the user to master any knowledge related to dynamic updating;
(5) and (6) reliability. When the software dynamic update has errors, a plurality of dynamic update systems cannot be restored to the state before the update, and particularly when the process crashes due to the update failure, the reliability of the software dynamic update is undoubtedly reduced, but the method can ensure that the update program quickly rolls back when the update program has errors so as to ensure the reliability of the software dynamic update;
(6) and the overhead is low. The original software dynamic upgrading method usually has excessive safe updating points and a large amount of code modification work, such as stack reconstruction and the like, in the program updating process. Most of the work of the invention is carried out before updating, and only little workload is needed in the updating process, thereby greatly improving the updating efficiency and reducing the updating cost;
drawings
FIG. 1 is a flow chart of the method for dynamically upgrading software based on an intermediate auxiliary function according to the present invention;
FIG. 2 is a block diagram of a system for dynamically upgrading software based on an intermediate auxiliary function according to the present invention;
FIG. 3 is a schematic diagram of a secure update instruction set;
FIG. 4 is a schematic diagram of the structure of the intermediate auxiliary function;
fig. 5(a) and (b) are flowcharts of the rollback operation in the method of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The overall idea of the invention is that a developer generates a primary dynamic upgrade patch containing a new function and an intermediate auxiliary function according to the source code of a new version and an old version, and the intermediate auxiliary function is utilized to solve the problem that the traditional multi-thread dynamic update needs to modify the source code of the old version or use a specific compiler to reform the source code of the old version. And then loading a dynamic upgrade patch during updating, suspending all threads, and realizing indirect jump by modifying the function entry address to realize updating of the function to be updated which is not in the function call stack. And modifying the next instruction of the currently executed instruction of the function to jump into the intermediate auxiliary function, and finishing the updating of the code and the variable by running the intermediate auxiliary function to the function to be updated in the function call stack.
As shown in FIG. 1, the multithreading software dynamic upgrade method based on asynchronous checkpoint of the present invention includes the following steps:
(1) acquiring an old version code source file and a new version code source file, and respectively integrating the old version code source file and the new version code source file through a merging function of Common Intermediate Language (CIL) to obtain an integrated old version code source file and an integrated new version code source file;
(2) comparing the integrated old version code source file with the new version code source file by a dynamic patch generating tool of an online upgrading system (Polus) (Powerful Live Updating System) to generate a primary dynamic upgrading patch;
(3) static analysis is carried out to compare the functions to be updated in the integrated old version code source file and the new version code source file, the semantics of the functions to be updated are analyzed to generate a function semantic mapping table, and meanwhile, an intermediate auxiliary function is generated according to the functions to be updated; the method specifically comprises the following substeps:
and (3-1) analyzing the semantics of the function to be updated, and acquiring and recording a safety updating instruction set of the function to be updated. The safe updating instruction set means that if all execution paths before any instruction in a section of instructions can ensure that the semantics of the functions of the old version and the new version are consistent, the section of instructions is the safe updating instruction set. In the method, the generation tool judges that the function semantics are consistent, namely that only the sequence and the version of codes on the execution paths of the new function and the old function are inconsistent, and the rest of the functions are all the same. And recording all the safe updating instruction sets of all the functions to be updated, and generating a function semantic mapping table. The developer can modify the safe updating instruction set of the function semantic mapping table according to the requirement of the developer.
And (3-2) taking the parameter of the function to be updated as the parameter of the intermediate auxiliary function, and constructing and generating the intermediate auxiliary function. The middle auxiliary function comprises control content, new version content of the function to be updated and old version content of the function to be updated.
The control content is used for converting local variables and parameters of the old version of the function to be updated into local variables and parameters of the new version of the function, and is also used for judging whether the thread is in a safe updating instruction set according to a thread execution address in operation, if so, jumping to the content of the new version of the function to be updated, and returning after executing the content of the new version of the function to be updated; otherwise, jumping to the old version content of the function to be updated, and jumping to the new version content of the function to be updated when any instruction in the safe updating instruction set is executed;
that is, the control content firstly converts the local variables and parameters of the old version of the function to be updated into the local variables and parameters of the new version, then obtains the current execution address of the thread in operation from the stack, queries the function semantic mapping table in the step (3-1), and judges whether the current instruction of the thread in operation is in the safe updating instruction set, if so, the corresponding position of the current execution address in the new version of the function to be updated can be obtained through the function semantic mapping table in the step (3-1), and then jumps to the position, that is, after the current instruction of the thread in operation enters the safe updating instruction set (including sequential entry, entry through branching, circulation and jump), a jump statement is added, so that the jump is carried out to the corresponding position of the new version of the function in the middle auxiliary function. (ii) a Otherwise, jumping to the corresponding position of the old version content of the function to be updated;
and (3-3) modifying the old version content of the function to be updated of the intermediate auxiliary function, so that the old version content of the function to be updated of the intermediate auxiliary function accesses the static variables, the local variables and the parameters of the new version by using the conversion function. That is, the content of the old version of the function to be updated is modified, and the data to be updated accessed by the content of the old version of the function to be updated is indirectly accessed by using the conversion function (i.e., the adapter function). The old version content of the function to be updated in the intermediate auxiliary function accesses the new version data (including static variables, local variables and parameters) by reading and writing the adaptive function.
(4) Injecting the primary dynamic upgrade patch generated in the step (2) into the running program to be updated according to the initialization request of a user;
(5) after the dynamic upgrade patch is injected, obtaining a function to be updated and a static variable address to be updated corresponding to the program to be updated according to the function symbol name to be updated and the static variable symbol name to be updated;
(6) according to an updating request sent by a user, suspending all processes related to updating, and updating the static variable to be updated according to the acquired address of the static variable to be updated; meanwhile, checking whether the function to be updated is positioned in the function call stack, if so, updating the function to be updated positioned in the function call stack by using the middle auxiliary function; otherwise, directly updating the function to be updated which is not in the function call stack; the method comprises the following substeps:
(6-1) suspending all processes related to updating according to an updating request sent by a user, and converting all static variables to be updated in the old version into static variables in the new version; for updating the static variables, three different conversion functions are respectively realized through three different types, namely a general type, a pointer type and an array type, and the static variables to be updated in the old version are converted into the static variables in the new version;
(6-2) checking whether a function to be updated is located in a function call stack, if so, modifying the next binary instruction after the current execution position of the thread according to the function semantic mapping table in the step (3), stacking the current execution position of the thread, then jumping to the step (3) to generate an entry address of an intermediate auxiliary function, and updating by using the intermediate auxiliary function; otherwise, for the function to be updated which is not in the function call stack, the method for modifying the function entry address is used for updating.
And updating the function to be updated which is not positioned in the function call stack by using the method for modifying the function entry address. And when the program runs to the function to be updated, directly jumping to the corresponding new version function for updating. Specifically, a binary code at the beginning of the function to be updated is replaced by a jmp instruction, so that the execution path jumps to the new version function, and the parameters and local variables of the function are mapped to the memory address of the new version function in a redirection mode.
And modifying the next execution instruction after the current execution position of the thread for the function to be updated in the function call stack, and jumping to an intermediate auxiliary function to finish updating the function being called. Specifically, a binary instruction next to the current execution position of the function to be updated (generally, the next binary instruction is the next binary instruction in sequence, and if the current instruction is a jump instruction, the jump instruction is a target address of the jump) is replaced by a jmp instruction, so that the execution path jumps to the intermediate auxiliary function. The parameters and local variables of the function are mapped to the memory address of the middle auxiliary function in a redirection mode, and the current execution position of the thread is recorded in the stack of the middle auxiliary function.
(7) The process suspended by the update is resumed and the update process ends.
The method of the invention also comprises the following steps: and when an error occurs in the updating process, rolling back to the state before updating through the monitoring program. The method specifically comprises the following steps:
(1) saving a check point of a program to be updated before updating the program;
(2) and in the updating process, monitoring the state of the program to be updated in real time through the monitoring program, and if the program to be updated is abnormal, rolling back by using the check point to restore the state to the state before updating.
Fig. 2 shows a software dynamic upgrade system based on an intermediate auxiliary function corresponding to the above method, where the system includes:
the integration module is used for acquiring and integrating the old version code source file and the new version code source file to obtain an integrated old version code source file and a new version code source file;
the patch generating module is used for generating a primary dynamic upgrade patch by comparing the integrated old version code source file and the new version code source file;
the analysis module is used for statically analyzing and comparing the functions to be updated in the integrated old version code source file and the new version code source file, analyzing the semantics of the functions to be updated, generating a function semantic mapping table, and meanwhile, generating an intermediate auxiliary function according to the functions to be updated;
the analysis module specifically comprises:
the first analysis and generation unit is used for analyzing the semantics of the function to be updated, acquiring and recording a safety updating instruction set of the function to be updated and generating a function semantic mapping table; the safe updating instruction set means that if all execution paths before any instruction in a section of instructions can ensure that the semantics of new and old versions are consistent, the section of instructions is the safe updating instruction set.
The second analysis and generation unit is used for taking the parameter of the function to be updated as the parameter of the intermediate auxiliary function, and constructing and generating the intermediate auxiliary function, wherein the intermediate auxiliary function comprises control content, new version content of the function to be updated and old version content of the function to be updated; wherein,
the control content is used for converting the local variables and parameters of the old version of the function to be updated into the local variables and parameters of the new version, and is also used for judging whether the thread is in the safe updating instruction set according to the thread execution address in operation, if so, jumping to the content of the new version of the function to be updated, and returning after executing the content of the new version of the function to be updated; otherwise, jumping to the old version content of the function to be updated, and jumping to the new version content of the function to be updated when any instruction in the safe updating instruction set is executed;
and the modifying unit is used for modifying the old version content of the function to be updated of the intermediate auxiliary function so as to access the new version data by using the conversion function.
The injection module is used for injecting the generated primary dynamic upgrade patch into the running program to be updated according to the initialization request of the user;
the acquisition module is used for acquiring a function to be updated and a static variable address to be updated corresponding to the program to be updated according to the symbol name of the function to be updated and the symbol name of the static variable to be updated after the dynamic upgrade patch is injected;
the updating module is used for suspending all processes related to updating according to an updating request sent by a user and updating the static variable to be updated according to the acquired address of the static variable to be updated; meanwhile, checking whether the function to be updated is positioned in the function call stack, if so, updating the function to be updated positioned in the function call stack by using the middle auxiliary function; otherwise, directly updating the function to be updated which is not in the function call stack;
the update module specifically includes:
the suspension unit is used for suspending all processes related to the update according to the update request sent by the user;
the static variable updating unit is used for converting all the static variables to be updated of the old version into the static variables of the new version;
the function updating unit is used for checking whether a function to be updated is positioned in a function call stack, if so, modifying the next binary instruction after the current execution position of the thread according to the function semantic mapping table, stacking the current execution position of the thread, and then jumping to an entry address for generating an intermediate auxiliary function; otherwise, for the function to be updated which is not in the function call stack, the method for modifying the function entry address is used for updating.
And the recovery module is used for recovering the suspended process caused by the updating, and the updating process is finished.
As a further preferred, the system further comprises:
the storage module is used for storing a check point of the program to be updated before the program is updated;
the monitoring module is used for monitoring the state of the program to be updated in real time through the monitoring program in the updating process;
and the rollback module is used for performing rollback by using the check point stored in the storage module when the program to be updated is abnormal, and restoring the program to be updated to the state before updating.
As shown in fig. 3, during the updating process, some update locations are locations that can ensure that there is a corresponding safe update in the new function, such as update points a, c. But at some update locations there is no secure update location in the new function corresponding to it, e.g., update point b. This may result in the function fun being executed twice if the update is forced at a non-secure update location, resulting in various agnostic errors. Through analysis, when the execution paths of the new version function and the old version function of all branches before the update point are consistent semantically, the unsafe updating behavior caused by the fact that the statement misses execution or redundant execution does not occur during updating. In practice, the safe update position is always continuous, so that the safe update position can be recorded in a range-changing mode to form a function semantic mapping table. Therefore, whether an operation position is a safe updating position or not can be judged by inquiring the function semantic mapping table, and a jump position corresponding to any one safe position can be obtained by inquiring the function semantic mapping table.
The intermediate auxiliary function is constructed as shown in fig. 4, first, an old version local variable and a parameter are converted into a new version local variable and a parameter, then, a current execution address of the function is obtained from a stack, a function semantic mapping table in step (3-1) is queried to judge whether an instruction of the current execution address of the thread is in a safe update instruction set, if the instruction of the current execution address of the function is in the safe update instruction set, a position corresponding to the content of the new version of the function to be updated in the intermediate auxiliary function of the current execution address of the function can be obtained through the function semantic mapping table in step (3-1), and then, the position is jumped to. And if the current execution address of the function is not in the safe updating instruction set, jumping to the corresponding position of the old version content of the function to be updated in the intermediate auxiliary function. The next part of the intermediate auxiliary function is a complete function to be updated of the new version and a modified function to be updated of the old version. And (3) after the content of the old version of the function to be updated enters a statement of a safe updating instruction set (including sequential entry, entry through branching, circulation and jumping), adding a jump statement, and jumping to the corresponding part of the content of the new version of the function to be updated of the middle auxiliary function. In the updating process, it is assumed that the function updating situation is as shown in fig. 2, when the function currently executes the statement status 4, after jumping to the intermediate auxiliary function, the query statement status 4 is an unsafe location, so that the function to be updated is jumped to the old version content to continue executing, and when the old version content to be updated is executed to the status 6, the function to be updated enters the safe updating range, so that the function to be updated is jumped to the new version content to complete the updating work of the function. The data to be updated accessed by the old version content of the function to be updated in the intermediate function is indirectly accessed by the conversion function, so that all threads in the multithreading program are ensured to access the same data, and the consistency of the data of the multithreading program is ensured
The rollback step is schematically shown in fig. 5, where fig. 5(a) shows the update program operation step and fig. 5(b) shows the monitor program operation step. Before updating, the monitoring program saves the check point of the program to be updated. During the update process, there are two mechanisms to discover the exception, one is to notify the monitor program to rollback by the update program error. However, if the update error is a serious error (process crash), the update program cannot notify the monitor program that an exception occurs in the update process. The present invention therefore provides another mechanism: and the monitoring program acquires the state of the updating program at regular time, and rolls back if the abnormality is found. The rollback process is to restore the program to the state before updating by using the check points saved in advance.
It will be understood by those skilled in the art that the foregoing is only a preferred embodiment of the present invention, and is not intended to limit the invention, and that any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the scope of the present invention.
Claims (6)
1. A method for dynamically upgrading software based on an intermediate auxiliary function is characterized by comprising the following steps:
(1) acquiring and integrating an old version code source file and a new version code source file to obtain an integrated old version code source file and a new version code source file;
(2) generating a primary dynamic upgrade patch by comparing the integrated old version code source file and the new version code source file;
(3) static analysis is carried out to compare the functions to be updated in the integrated old version code source file and the new version code source file, the semantics of the functions to be updated are analyzed to generate a function semantic mapping table, and meanwhile, an intermediate auxiliary function is generated according to the functions to be updated;
(4) injecting the primary dynamic upgrade patch generated in the step (2) into the running program to be updated according to the initialization request of a user;
(5) after the dynamic upgrade patch is injected, obtaining a function to be updated and a static variable address to be updated corresponding to the program to be updated according to the function symbol name to be updated and the static variable symbol name to be updated;
(6) according to an updating request sent by a user, suspending all processes related to updating, and updating the static variable to be updated according to the acquired address of the static variable to be updated; meanwhile, checking whether the function to be updated is positioned in the function call stack, if so, updating the function to be updated positioned in the function call stack by using the middle auxiliary function; otherwise, directly updating the function to be updated which is not in the function call stack;
(7) the process suspended due to updating is recovered, and the updating process is finished;
the step (3) specifically comprises:
(3-1) analyzing the semantics of the function to be updated, acquiring and recording a safety updating instruction set of the function to be updated, and generating a function semantic mapping table;
(3-2) taking the parameter of the function to be updated as the parameter of the intermediate auxiliary function, and constructing and generating the intermediate auxiliary function, wherein the intermediate auxiliary function comprises control content, new version content of the function to be updated and old version content of the function to be updated; wherein,
the control content is used for converting the local variables and parameters of the old version of the function to be updated into the local variables and parameters of the new version, and is also used for judging whether the thread is in the safe updating instruction set according to the thread execution address in operation, if so, jumping to the content of the new version of the function to be updated, and returning after executing the content of the new version of the function to be updated; otherwise, jumping to the old version content of the function to be updated, and jumping to the new version content of the function to be updated when any instruction in the safe updating instruction set is executed;
(3-3) modifying the old version content of the function to be updated of the intermediate auxiliary function, so that the old version content of the function to be updated of the intermediate auxiliary function accesses the new version data by using a conversion function;
if all execution paths before any instruction in a section of instructions can ensure that the semantics of the new version and the old version are consistent, the section of instructions is a safe updating instruction set.
2. The method according to claim 1, characterized in that said step (6) comprises in particular:
(6-1) suspending all processes related to updating according to an updating request sent by a user, and converting all static variables to be updated in the old version into static variables in the new version;
(6-2) checking whether the function to be updated is located in the function call stack, if so, modifying the next binary instruction after the current execution position of the thread according to the function semantic mapping table in the step (3), stacking the current execution position of the thread, and then jumping to the step (3) to generate an entry address of the intermediate auxiliary function; otherwise, for the function to be updated which is not in the function call stack, the method for modifying the function entry address is used for updating.
3. The method of any one of claims 1-2, further comprising:
(1) saving a check point of a program to be updated before updating the program;
(2) and in the updating process, monitoring the state of the program to be updated in real time through the monitoring program, and if the program to be updated is abnormal, rolling back by using the check point to restore the state to the state before updating.
4. A system for dynamically upgrading software based on an intermediate auxiliary function, the system comprising:
the integration module is used for acquiring and integrating the old version code source file and the new version code source file to obtain an integrated old version code source file and a new version code source file;
the patch generating module is used for generating a primary dynamic upgrade patch by comparing the integrated old version code source file and the new version code source file;
the analysis module is used for statically analyzing and comparing the functions to be updated in the integrated old version code source file and the new version code source file, analyzing the semantics of the functions to be updated, generating a function semantic mapping table, and meanwhile, generating an intermediate auxiliary function according to the functions to be updated;
the injection module is used for injecting the generated primary dynamic upgrade patch into the running program to be updated according to the initialization request of the user;
the acquisition module is used for acquiring a function to be updated and a static variable address to be updated corresponding to the program to be updated according to the symbol name of the function to be updated and the symbol name of the static variable to be updated after the dynamic upgrade patch is injected;
the updating module is used for suspending all processes related to updating according to an updating request sent by a user and updating the static variable to be updated according to the acquired address of the static variable to be updated; meanwhile, checking whether the function to be updated is positioned in the function call stack, if so, updating the function to be updated positioned in the function call stack by using the middle auxiliary function; otherwise, directly updating the function to be updated which is not in the function call stack;
the recovery module is used for recovering the suspended process caused by the updating, and the updating process is finished;
the analysis module specifically comprises:
the first analysis and generation unit is used for analyzing the semantics of the function to be updated, acquiring and recording a safety updating instruction set of the function to be updated and generating a function semantic mapping table;
the second analysis and generation unit is used for taking the parameter of the function to be updated as the parameter of the intermediate auxiliary function, and constructing and generating the intermediate auxiliary function, wherein the intermediate auxiliary function comprises control content, new version content of the function to be updated and old version content of the function to be updated; wherein,
the control content is used for converting the local variables and parameters of the old version of the function to be updated into the local variables and parameters of the new version, and is also used for judging whether the thread is in the safe updating instruction set according to the thread execution address in operation, if so, jumping to the content of the new version of the function to be updated, and returning after executing the content of the new version of the function to be updated; otherwise, jumping to the old version content of the function to be updated, and jumping to the new version content of the function to be updated when any instruction in the safe updating instruction set is executed;
the modification unit is used for modifying the old version content of the function to be updated of the intermediate auxiliary function so as to access the new version data by using the conversion function;
if all execution paths before any instruction in a section of instructions can ensure that the semantics of the new version and the old version are consistent, the section of instructions is a safe updating instruction set.
5. The system of claim 4, wherein the update module specifically comprises:
the suspension unit is used for suspending all processes related to the update according to the update request sent by the user;
the static variable updating unit is used for converting all the static variables to be updated of the old version into the static variables of the new version;
the function updating unit is used for checking whether a function to be updated is positioned in a function call stack, if so, modifying the next binary instruction after the current execution position of the thread according to the function semantic mapping table, stacking the current execution position of the thread, and then jumping to an entry address for generating an intermediate auxiliary function; otherwise, for the function to be updated which is not in the function call stack, the method for modifying the function entry address is used for updating.
6. The system of any one of claims 4-5, further comprising:
the storage module is used for storing a check point of the program to be updated before the program is updated;
the monitoring module is used for monitoring the state of the program to be updated in real time through the monitoring program in the updating process;
and the rollback module is used for performing rollback by using the check point stored in the storage module when the program to be updated is abnormal, and restoring the program to be updated to the state before updating.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610039757.0A CN105528231B (en) | 2016-01-21 | 2016-01-21 | A kind of software dynamic update method and system based on intermediate auxiliary function |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610039757.0A CN105528231B (en) | 2016-01-21 | 2016-01-21 | A kind of software dynamic update method and system based on intermediate auxiliary function |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN105528231A CN105528231A (en) | 2016-04-27 |
| CN105528231B true CN105528231B (en) | 2019-03-05 |
Family
ID=55770478
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610039757.0A Active CN105528231B (en) | 2016-01-21 | 2016-01-21 | A kind of software dynamic update method and system based on intermediate auxiliary function |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105528231B (en) |
Families Citing this family (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106980515B (en) * | 2016-10-28 | 2020-04-14 | 阿里巴巴集团控股有限公司 | Application upgrading method and device |
| CN108134763B (en) * | 2016-12-01 | 2021-07-13 | 南宁富桂精密工业有限公司 | Attack coping method and system |
| CN107092496A (en) * | 2016-12-28 | 2017-08-25 | 北京小度信息科技有限公司 | The upgrade method and device of a kind of application software |
| CN111124444B (en) * | 2018-11-01 | 2023-12-19 | 百度在线网络技术(北京)有限公司 | Method of code injection, apparatus therefor, computer program product, and storage medium |
| CN109445823A (en) * | 2018-11-02 | 2019-03-08 | 长虹美菱股份有限公司 | A kind of MCU firmware fast updating method |
| CN112114848A (en) * | 2020-09-11 | 2020-12-22 | 北京达佳互联信息技术有限公司 | Drive updating method, device, system, electronic equipment and storage medium |
| CN112764788B (en) * | 2021-01-19 | 2023-06-16 | 南京大学 | Software dynamic update hot patch synthesis method based on program source code slice recombination |
| CN113204356B (en) * | 2021-06-02 | 2023-11-07 | 吉林大学 | Application program dynamic updating method for vehicle-mounted embedded equipment |
| CN113608846A (en) * | 2021-07-20 | 2021-11-05 | 阿里巴巴(中国)有限公司 | Data checking method, device and equipment of process stack |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101799763A (en) * | 2009-02-10 | 2010-08-11 | 华为技术有限公司 | Method, device and system for patching kernel on line |
| US8793662B2 (en) * | 2008-03-25 | 2014-07-29 | Microsoft Corporation | Runtime code hooking for print driver and functionality testing |
| CN103984582A (en) * | 2014-06-04 | 2014-08-13 | 网易(杭州)网络有限公司 | Method and device for hot updating |
| CN104111848A (en) * | 2014-06-27 | 2014-10-22 | 华中科技大学 | Multi-thread software dynamic upgrading method based on asynchronous check points |
-
2016
- 2016-01-21 CN CN201610039757.0A patent/CN105528231B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8793662B2 (en) * | 2008-03-25 | 2014-07-29 | Microsoft Corporation | Runtime code hooking for print driver and functionality testing |
| CN101799763A (en) * | 2009-02-10 | 2010-08-11 | 华为技术有限公司 | Method, device and system for patching kernel on line |
| CN103984582A (en) * | 2014-06-04 | 2014-08-13 | 网易(杭州)网络有限公司 | Method and device for hot updating |
| CN104111848A (en) * | 2014-06-27 | 2014-10-22 | 华中科技大学 | Multi-thread software dynamic upgrading method based on asynchronous check points |
Also Published As
| Publication number | Publication date |
|---|---|
| CN105528231A (en) | 2016-04-27 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105528231B (en) | A kind of software dynamic update method and system based on intermediate auxiliary function | |
| EP4004738B1 (en) | Time-travel debugging with hot code replacement | |
| CN104111848B (en) | Multi-thread software dynamic upgrading method based on asynchronous check points | |
| US7966459B2 (en) | System and method for supporting phased transactional memory modes | |
| Diegues et al. | {Self-Tuning} Intel Transactional Synchronization Extensions | |
| Wang et al. | Coverage guided systematic concurrency testing | |
| US8819352B2 (en) | Hybrid Transactional Memory (HybridTM) | |
| US8095824B2 (en) | Performing mode switching in an unbounded transactional memory (UTM) system | |
| US8677331B2 (en) | Lock-clustering compilation for software transactional memory | |
| US20110246823A1 (en) | Task-oriented node-centric checkpointing (toncc) | |
| CN101446918B (en) | Method for realizing debugging of single function by user state debugger and system thereof | |
| CN102955737B (en) | The program debugging method of heterogeneous processor system and system | |
| US20110029819A1 (en) | System and method for providing program tracking information | |
| Cho et al. | Revamping hardware persistency models: view-based and axiomatic persistency models for Intel-x86 and Armv8 | |
| US20090328005A1 (en) | Debugger call stack caching | |
| US11294791B2 (en) | Code optimization for connected managed runtime environments | |
| Ottoni et al. | Hhvm jump-start: Boosting both warmup and steady-state performance at scale | |
| US9697040B2 (en) | Software replayer for transactional memory programs | |
| CN109885489A (en) | Data contention detection method and device in driver | |
| Von Praun et al. | Conditional memory ordering | |
| US8689206B2 (en) | Isolating operating system in-memory modules using error injection | |
| Huang et al. | {PYLIVE}:{On-the-Fly} code change for Python-based online services | |
| Gu et al. | Improving reliability of dynamic software updating using runtime recovery | |
| Ma et al. | Efficient Scheduler Live Update for Linux Kernel with Modularization | |
| García-Yágüez et al. | Exclusive squashing for thread-level speculation |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |